
CMS_RecipientInfo_decrypt(3)





NAME

       CMS_get0_RecipientInfos, CMS_RecipientInfo_type,
       CMS_RecipientInfo_ktri_get0_signer_id,
       CMS_RecipientInfo_ktri_cert_cmp, CMS_RecipientInfo_set0_pkey,
       CMS_RecipientInfo_kekri_get0_id, CMS_RecipientInfo_kekri_id_cmp,
       CMS_RecipientInfo_set0_key, CMS_RecipientInfo_decrypt,
       CMS_RecipientInfo_encrypt - CMS envelopedData RecipientInfo routines


SYNOPSIS

        #include <openssl/cms.h>

        STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
        int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);

        int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri, ASN1_OCTET_STRING **keyid, X509_NAME **issuer, ASN1_INTEGER **sno);
        int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
        int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);

        int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri, X509_ALGOR **palg, ASN1_OCTET_STRING **pid, ASN1_GENERALIZEDTIME **pdate, ASN1_OBJECT **potherid, ASN1_TYPE **pothertype);
        int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri, const unsigned char *id, size_t idlen);
        int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri, unsigned char *key, size_t keylen);

        int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
        int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);


DESCRIPTION

       The function CMS_get0_RecipientInfos() returns all the
       CMS_RecipientInfo structures associated with a CMS EnvelopedData
       structure.

       CMS_RecipientInfo_type() returns the type of CMS_RecipientInfo
       structure ri.  It will currently return CMS_RECIPINFO_TRANS,
       CMS_RECIPINFO_AGREE, CMS_RECIPINFO_KEK, CMS_RECIPINFO_PASS, or
       CMS_RECIPINFO_OTHER.

       CMS_RecipientInfo_ktri_get0_signer_id() retrieves the certificate
       recipient identifier associated with a specific CMS_RecipientInfo
       structure ri, which must be of type CMS_RECIPINFO_TRANS. Either the
       key identifier will be set in keyid, or both issuer name and serial
       number will be set in issuer and sno.

       CMS_RecipientInfo_ktri_cert_cmp() compares the certificate cert against
       the CMS_RecipientInfo structure ri, which must be of type
       CMS_RECIPINFO_TRANS.  It returns zero if the comparison is successful
       and non zero if not.

       CMS_RecipientInfo_set0_pkey() associates the private key pkey with the
       CMS_RecipientInfo structure ri, which must be of type
       CMS_RECIPINFO_TRANS.

       CMS_RecipientInfo_kekri_get0_id() retrieves the key information from
       the CMS_RecipientInfo structure ri, which must be of type
       CMS_RECIPINFO_KEK.  Any of the remaining parameters can be NULL if the
       application is not interested in the value of a field. Where a field
       is optional and absent, NULL will be written to the corresponding
       parameter. The keyEncryptionAlgorithm field is written to palg, the
       keyIdentifier field is written to pid, and the date field, if present,
       is written to pdate. If the other field is present, the components
       keyAttrId and keyAttr are written to parameters potherid and
       pothertype.

       CMS_RecipientInfo_kekri_id_cmp() compares the ID in the id and idlen
       parameters against the keyIdentifier of the CMS_RecipientInfo
       structure ri, which must be of type CMS_RECIPINFO_KEK.  It returns
       zero if the comparison is successful and non zero if not.

       CMS_RecipientInfo_set0_key() associates the symmetric key key of length
       keylen with the CMS_RecipientInfo structure ri, which must be of type
       CMS_RECIPINFO_KEK.

       CMS_RecipientInfo_decrypt() attempts to decrypt CMS_RecipientInfo
       structure ri in structure cms. A key must have been associated with the
       structure first.

       CMS_RecipientInfo_encrypt() attempts to encrypt CMS_RecipientInfo
       structure ri in structure cms. A key must have been associated with the
       structure first and the content encryption key must be available: for
       example by a previous call to CMS_RecipientInfo_decrypt().


NOTES

       The main purpose of these functions is to enable an application to
       look up recipient keys using any appropriate technique when the simpler
       method of CMS_decrypt() is not appropriate.

       In typical usage an application will retrieve all CMS_RecipientInfo
       structures using CMS_get0_RecipientInfos() and check the type of each
       using CMS_RecipientInfo_type(). Depending on the type, the
       CMS_RecipientInfo structure can be ignored or its key identifier data
       retrieved using an appropriate function. Then, if the corresponding
       secret or private key can be obtained by any appropriate means, it can
       be associated with the structure and CMS_RecipientInfo_decrypt()
       called. If successful, CMS_decrypt() can be called with a NULL key to
       decrypt the enveloped content.

       CMS_RecipientInfo_encrypt() can be used to add a new recipient to an
       existing enveloped data structure. Typically an application will
       first decrypt an appropriate CMS_RecipientInfo structure to make the
       content encryption key available. It will then add a new recipient
       using a function such as CMS_add1_recipient_cert() and finally encrypt
       the content encryption key using CMS_RecipientInfo_encrypt().


RETURN VALUES

       CMS_get0_RecipientInfos() returns all CMS_RecipientInfo structures, or
       NULL if an error occurs.

       CMS_RecipientInfo_ktri_get0_signer_id(), CMS_RecipientInfo_set0_pkey(),
       CMS_RecipientInfo_kekri_get0_id(), CMS_RecipientInfo_set0_key() and
       CMS_RecipientInfo_decrypt() return 1 for success or 0 if an error
       occurs.  CMS_RecipientInfo_encrypt() returns 1 for success or 0 if an
       error occurs.

       CMS_RecipientInfo_ktri_cert_cmp() and CMS_RecipientInfo_kekri_id_cmp()
       return 0 for a successful comparison and non zero otherwise.

       Any error can be obtained from ERR_get_error(3).


SEE ALSO

       ERR_get_error(3), CMS_decrypt(3)


HISTORY

       These functions were first added to OpenSSL 0.9.8.

1.0.2t                            2019-09-10        CMS_get0_RecipientInfos(3)
